[Git][security-tracker-team/security-tracker][master] stretch triage
Moritz Muehlenhoff
jmm at debian.org
Mon Feb 18 22:28:01 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
90dc8906 by Moritz Muehlenhoff at 2019-02-18T22:27:35Z
stretch triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2364,10 +2364,11 @@ CVE-2019-7754
CVE-2019-7753 (Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer ...)
NOT-FOR-US: Verydows
CVE-2018-20781 (In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's ...)
- - gnome-keyring 3.28.0-1
+ - gnome-keyring 3.28.0-1 (unimportant)
NOTE: https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781486
NOTE: https://gitlab.gnome.org/GNOME/gnome-keyring/issues/3
+ NOTE: Not a vulnerability, just a hardening patch
CVE-2019-7752
RESERVED
CVE-2019-7751
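Review bot: The added NOTE for CVE-2018-20781 states only the conclusion ("Not a vulnerability, just a hardening patch") and sits below three reference links without saying which one supports it. The same hunk downgrades the fixed-version line to (unimportant), so a few words on why the pam/gkr-pam-module.c behaviour crosses no security boundary, or a pointer to the specific bug comment, would let the tag be re-checked later.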
@@ -2613,6 +2614,7 @@ CVE-2019-7660
CVE-2019-7659 (Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a ...)
{DLA-1681-1}
- gsoap 2.8.75-1
+ [stretch] - gsoap <no-dsa> (Minor issue)
- r-other-x4r <undetermined>
NOTE: https://www.genivia.com/advisory.html#Bug_in_gSOAP_versions_2.7.0_to_2.8.74_for_applications_built_with_the_WITH_COOKIES_flag_enabled_
NOTE: https://lists.debian.org/debian-lts/2019/02/msg00131.html
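Review bot: The new stretch line for CVE-2019-7659 gives only "Minor issue" as the <no-dsa> reason, although the entry already carries {DLA-1681-1}, so the issue was judged worth an advisory elsewhere. State the limiting condition in the parenthesis; if it is the WITH_COOKIES build requirement named in the Genivia advisory URL on the NOTE line, say so, so the difference in handling is explained on the line itself.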
@@ -12469,6 +12471,7 @@ CVE-2018-20594 (An issue was discovered in hsweb 3.0.4. It is a reflected XSS ..
NOT-FOR-US: hsweb
CVE-2018-20593 (In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in ...)
- mxml <unfixed>
+ [stretch] - mxml <ignored> (Minor issue)
[jessie] - mxml <no-dsa> (Minor issue, only affects the mxmldoc tool)
NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt
NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt.err (error output)
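Review bot: The added stretch line for CVE-2018-20593 uses <ignored> with a bare "Minor issue", while the jessie line directly below it uses <no-dsa> and scopes the problem to the mxmldoc tool. Carry the same scope into the stretch reason, e.g. "(Minor issue, only affects the mxmldoc tool)", so the stronger <ignored> state is justified on the line.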
@@ -12478,6 +12481,7 @@ CVE-2018-20593 (In Mini-XML (aka mxml) v2.12, there is stack-based buffer overfl
NOTE: upstream tagged the issue with 'wontfix' and removed mxmldoc code completely
CVE-2018-20592 (In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd ...)
- mxml <unfixed>
+ [stretch] - mxml <ignored> (Minor issue)
[jessie] - mxml <no-dsa> (Minor issue, only affected the mxmldoc tool)
NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_1.txt
NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_1.txt.err (error output)
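Review bot: For CVE-2018-20592 the added stretch line marks a use-after-free as <ignored> with only "Minor issue", and the lines shown for this entry have no counterpart to the wontfix NOTE visible at the top of the hunk for CVE-2018-20593. Reuse the jessie scope ("only affected the mxmldoc tool") in the stretch reason, and add a NOTE with the upstream disposition if the same one applies here.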
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/90dc8906034f1c907349984be86df87d8f404cff